Managing Microsoft Security Baseline on non domain joined systems

Franz Schenk 341 Reputation points
2022-12-22T12:54:54.32+00:00

We have to manage and secure non domain joined Server 2022 systems.

We are using the Microsoft Server 2022 Member Server Security Baseline from the Security Compliance Toolkit (MCT).

But due to lack of documentation, we really don't know how to manage the settings on non domain joined servers. The script "Baseline-LocalInstall.ps1" that is part of the Security Compliance Toolkit does apply the Microsoft security baselines. But there is no documentation about this script. On GitHub, there are only old versions, also without documentation.

We have to change several settings on non domain joined servers. How can we export these changed settings, along with all settings that are defined in the Microsoft security baseline, so that we can apply the adjusted settings with the script "Baseline-LocalInstall.ps1" to other systems?

Thank you in advance for any help
Franz


3 answers

  1. Sean O'Brien 11 Reputation points
    2022-12-29T14:14:16.15+00:00

    Hello there,

    We can deploy security baseline configurations to domain and non-domain joined servers with Security Compliance Manager (SCM). This is done by first exporting the security baseline as a GPO, and then importing it either as group policy or local policy depending on whether or not the client is a member of an active directory domain.

    To use LocalGPO on a non-domain-joined computer, you must either install a local copy of the tool or use the GPOPack option. GPOPack bundles LocalGPO and the GPO settings inside a self-extracting file that you can then automatically install on your clients.


    1 person found this answer helpful.

  2. Franz Schenk 341 Reputation points
    2022-12-29T15:14:09.013+00:00

    Hello

    Thank you for your hint about the Security Compliance Manager (SCM). But according to the information that I have found in the Microsoft Security Baseline Blog, SCM has been retired for three years:

    274848-2022-12-29-16-06-43-security-compliance-manager-sc.png

    But what I can't understand: There is a SCM download link from 2021!

    274901-2022-12-29-16-08-18-download-microsoft-security-co.png

    Do you have information on whether SCM is still supported by Microsoft or not?


  3. Franz Schenk 341 Reputation points
    2022-12-29T16:07:33.47+00:00

    SCM seems completely outdated. I have installed the most current version from 2021, and in the picture below are the baselines that Microsoft does provide with SCM.

    274911-scm.png
